As the mobile public increasingly interacts with a global interconnected digital world, it is important that data is secure. It is desirable to have the freedom to securely log on, make purchases, or check one's status anywhere at any time. Data encryption can help protect Internet traffic over the wire, but in 2012 the Identity Theft Bureau of Justice Statistics reported that over $24.7 billion was still lost due to the theft of digital identities.
There are many security measures in place to protect our sensitive information once it enters the virtual sphere. There is, however, no real solution to address getting the information from the human user to the virtual sphere when the user is located in a public place.
Wearable mobile computing devices such as smart watches, sport and fitness activity bands and even augmented reality eyewear are being used in increasing quantities. Wearable smart technology has been projected to be a $50 billion industry within the next 5 years. Those new products are reaching a critical mass and are about to transform the digital landscape. This not only creates many more ways for us to connect with one another, but also generates more opportunities for identity crimes.
An area of system vulnerability is the physical space between the user and his or her device. In one example, a customer is standing in a busy clothing store that is using a mobile point-of-sale system where customers “check out” with sales representatives who wander about the store with mobile point-of-sale devices. A customer entering a password for a debit card, in a room packed with other shoppers, is exposed to the theft of that number by simple observation.
In another example, a locked door in a corporate setting utilizes a numeric keypad for entry authorization. The password entry process may be compromised by a video surveillance camera aimed at the door, or even by pedestrian traffic in the hallway. Surveillance cameras, or even cameras on mobile devices, exasperate the problem by making possible the recording of password input patterns, creating another point of vulnerability.
The entry of a password or other personal information is normally done using a standard keyboard configuration, such as the configuration 100 shown in FIG. 1A. A “standard keyboard,” as that term is used herein, includes a plurality of keys in standard locations that are familiar to a typical user. The configuration 100 is known as a “QWERTY” keyboard for the beginning of the first row of letters, and evolved from the standard typewriter keyboard. The QWERTY keyboard is a standard keyboard for the entry of standard Latin alphabet characters as well as many other inputs. Other standard keyboards are used in connection with other languages and situations.
A “standard alphabet,” as used herein, is a group of characters known to its users as representing individual sounds, language concepts, numbers or other abstract or tangible ideas. Examples include the Latin alphabet used in most of Europe and the Americas, the Arabic alphabet used in the Middle East, the Cyrillic alphabet used in Russia and alphabets adapted for representing logographic writing systems such as those used in China, Japan and Korea.
Passwords and other personal information may also be entered using a numeric keypad such as the keypad 150 shown in FIG. 1B. The numeric keypad is another example of a standard keyboard. The keypad 150 is based on the standard telephone keypad; other standard arrangements are also used.
It can be seen that, when data is entered using a standard keyboard, a malicious actor can deduce the entered data by observing the spatial pattern traced by the user when entering the data.